Cyber resilience: A state of unreadiness

Despite an increasing need for incident response planning, the majority of enterprises do not have an effective strategy to handle cybersecurity incidents, according to results of a recent global study of cyber resilience.

The study, conducted by Ponemon Institute and sponsored by IBM, found that 79% of Australian respondents don’t have a cybersecurity incident response plan they apply consistently across their organisation. And of those who do have a plan in place, more than half don’t test it – leaving them less prepared than they believe they are.

This lack of cyber resilience impacts, not just cybersecurity, but also compliance with the Australian Notifiable Data Breaches (NDB) scheme and General Data Protection Regulation (GDPR) requirements. Nearly half of global respondents say their organisation has yet to reach full compliance with GDPR, nearly a year after the regulation went into effect.

“Failing to plan is a plan to fail when it comes to responding to a cybersecurity incident. These plans need to be stress tested regularly and need full support from the board to invest in the necessary people, processes and technologies to sustain such a program,” said IBM VP of Product Management and Resilient Co-Founder, Ted Julian.

Other key findings from the study include:

Automation in response is still emerging

Less than one-quarter of Australian respondents said their organisation significantly uses automation technologies like identity management and authentication, incident response platforms and security information and event management (SIEM) tools in their response process.

This is a missed opportunity to strengthen cyber resilience. Globally, organisations that fully deploy security automation save $1.55 million on the total cost of a data breach compared to those that don’t, according to the 2018 Cost of a Data Breach Study.

Only 30% of global respondents reported that their cybersecurity staffing is sufficient for a high level of cyber resilience. This skills gap undermines cyber resilience, as understaffed organisations are unable to properly manage resources and needs, and maintain and test their incident response plans.

Furthermore, 75 per cent of respondents rate their difficulty in hiring and retaining skilled cybersecurity personnel as moderately high to high. And nearly half admitted their organisation deploys too many separate security tools, increasing operational complexity and reducing visibility into its overall security posture.

Privacy and cybersecurity go hand in hand

Aligning privacy and cybersecurity roles is essential or very important to achieving cyber resilience for 62% of respondents. The majority believe the privacy role is becoming increasingly important, especially with new regulations like GDPR and the NDB scheme, and are prioritising data protection when making IT buying decisions.

When asked what the top factor was in justifying cybersecurity spend, 56% of global respondents said information loss or theft. This comes as 78% of consumers say a company’s ability to keep their data private is extremely important, and only 20% completely trust organisations to keep their data private, according to a recent consumer survey.

Read “The 2019 Cyber Resilient Organisation” to find out more about how an organisation can maintain its core purpose and integrity in the face of cyberattacks.

Author: Steve O’Donnell, IBM New Zealand’s Managing Partner for Global Business Services An AI-powered agent named Tala may open the door on a new way of measuring sentiment and getting feedback from New Zealand’s ethnic communities. Developed and designed by Beca, one of Asia Pacific’s largest advisory, design and engineering consultancies, The Talanoa Project is […]

Author: Adam Makarucha, AI Practitioner and IBM Q Ambassador, IBM Systems The 70s and 80s were full of iconic moments, religious and royal visits, unique styles (who can forget the flares) and vibrant colour. Looking back, however, some of these historic Australian moments were only ever captured on film in black and white. Not because […]

The Hive

For over 80 years, IBM has been working to solve some of the biggest issues facing Australia and New Zealand. Today IBM is helping doctors diagnose disease, predicting the latest fashion trends and creating better services for citizens.
These are our stories; this is IBM.